/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Mastercard loyalty programme customers hit by data leak

Mastercard has notified regulators in Germany and Belgium about a loyalty programme data breach affecting the details of several thousand customers.

  4 2 comments

Mastercard loyalty programme customers hit by data leak

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The card giant noticed on 19 August that customer data from the 'Priceless Specials' loyalty programme had made its way onto the internet for "a certain period of time", says a statement from the Belgian Data Protection Authority.

Names, payment card numbers, email addresses, home addresses, phone numbers, gender and dates of birth of a "large number" of customers were compromised. A "significant portion" of the victims are German, Mastercard says. Belgian authorities were notified because the company has its regional headquarters in Waterloo.

In a statement to Bloomberg, Mastercard says the breach "has no connection to Mastercard’s payment transaction network," adding that "there was an event involving the Specials loyalty platform in Germany managed by a third-party vendor, which resulted in the unauthorized distribution of certain information".

David Stevens, chairman, Belgian Data Protection Authority, says: "We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities."

Sponsored New Event Report – Natural Capital Finance

Related Company

Keywords

Comments: (2)

A Finextra member 

I wonder why neither MasterCard or the Belgian Data Protection Authority aren't more transparent over the size and impact of the breach? "Certain period of time" and "significant portion" and "large number" all seems very wooly to me. They should disclose what they know without further delay.

Salman Amjad

Salman Amjad PAYMENTS SOLUTIONS at Bank

In the first place why these cards weren’t kept tokenized.

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates